
host ipv6 on bridge not working



Hi all,


I’ve a working setup on a virtualization host with two NICs, one for LAN and the other for DMZ. The host itself is only accessible on the LAN NIC. The containers (openvz) are connected to either one of the NICs. Both NICs are connected to a router/firewall that routes between WAN, DMZ and LAN. My network is dual stack.

This setup is currently working for both IPv4 and IPv6, but has two strange issues with IPv6:

1. IPv6 only works if I disable RAs on the DMZ side of the router. When enabled, the DMZ NIC, which does not have IPs configured for the hardware node itself, will auto configure IPv6, even if I set net.ipv6.conf.all.accept_ra = 0. The LAN NIC that has an IPv6 address and all containers will lose their IPv6 connectivity both on DMZ and on the LAN side. Disabling RA on the router’s DMZ interface is no problem, but it’s still strange. What could be the cause?

2. Without the RA, the containers have full IPv6 connectivity. The hardware node however does have a LAN IPv6 address, but can’t be reached. On the LAN I get a ‘no route to host’ error. It seems that even though the LAN NIC / bridge has an IPv6 address, it doesn’t advertise itself accordingly on the LAN. The setup seems fine, the routing seems fine, but I can neither ssh -6 nor ping6 to or from the hardware node. What could I do / test to solve this issue?

The setup in interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary LAN network interface

iface eth0 inet manual
iface eth0 inet6 manual

auto vzbr_lan

iface vzbr_lan inet static
  address 192.168.1.xx
  netmask 255.255.255.0
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
  dns-search somedomain.tld
  bridge_ports eth0
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0

iface vzbr_lan inet6 static
  address aaaa:bbbb:cccc:3::xx
  netmask 64
  gateway aaaa:bbbb:cccc:3::1
  dns-nameservers aaaa:bbbb:cccc:3::1
  dns-search somedomain.tld

# The primary DMZ network interface

iface eth1 inet manual
iface eth1 inet6 manual

auto vzbr_dmz

iface vzbr_dmz inet manual
  bridge_ports eth1
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0

iface vzbr_dmz inet6 manual

The resulting routing:

$ ip -6 route show
aaaa:bbbb:cccc:3::/64 dev vzbr_lan  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
aaaa:bbbb:cccc:3::/64 dev vzbr_lan  proto kernel  metric 256  expires 2591598sec mtu 1500 advmss 1440 hoplimit 0
fe80::1 dev venet0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev vzbr_lan  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev vzbr_dmz  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev venet0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth115.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth114.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth111.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth112.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth113.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth103.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev veth102.0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via aaaa:bbbb:cccc:3::1 dev vzbr_lan  metric 1024  mtu 1500 advmss 1440 hoplimit 0
default via fe80::204:76ff:fe21:8122 dev vzbr_lan  proto kernel  metric 1024  expires 22sec mtu 1500 advmss 1440 hoplimit 64

thanks,

P.
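
Added example, not part of the original post: a small audit for a bridge host like the one described, listing routes that carry an `expires` lifetime (how routes installed from Router Advertisements show up in output like the above; newer iproute2 labels them `proto ra`) and the per-interface `accept_ra`/`autoconf` values next to the `all` entry. The function names and the embedded sample, a subset of the route table in the post, are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: a subset of the `ip -6 route show` output from the post.
SAMPLE_ROUTES='aaaa:bbbb:cccc:3::/64 dev vzbr_lan  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
aaaa:bbbb:cccc:3::/64 dev vzbr_lan  proto kernel  metric 256  expires 2591598sec mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev vzbr_dmz  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via aaaa:bbbb:cccc:3::1 dev vzbr_lan  metric 1024  mtu 1500 advmss 1440 hoplimit 0
default via fe80::204:76ff:fe21:8122 dev vzbr_lan  proto kernel  metric 1024  expires 22sec mtu 1500 advmss 1440 hoplimit 64'

# ra_routes: read `ip -6 route show` output on stdin and print
# "<dev> <destination>" for every route that has a lifetime or proto ra.
ra_routes() {
  awk '{
    dev = ""; ra = 0
    for (i = 1; i <= NF; i++) {
      if ($i == "dev") dev = $(i + 1)
      if ($i == "expires" || ($i == "proto" && $(i + 1) == "ra")) ra = 1
    }
    if (ra && dev != "") print dev, $1
  }'
}

# ra_settings [confdir]: print accept_ra and autoconf for each entry under
# the IPv6 sysctl tree, so per-interface values can be compared with "all".
ra_settings() {
  confdir=${1:-/proc/sys/net/ipv6/conf}
  for d in "$confdir"/*/; do
    [ -r "${d}accept_ra" ] || continue
    printf '%s accept_ra=%s autoconf=%s\n' "$(basename "$d")" \
      "$(cat "${d}accept_ra")" "$(cat "${d}autoconf" 2>/dev/null)"
  done
}

# Demo on the constructed sample; on a live host use:
#   ip -6 route show | ra_routes
printf '%s\n' "$SAMPLE_ROUTES" | ra_routes
ra_settings
```

An interface that appears in the `ra_routes` output, or that shows `accept_ra=1` while `all` shows 0, is still processing Router Advertisements on its own setting.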
